e9be10788dc783417f5fadc510dc89ea88f17945a316ed117128084824cc48f3

General

Target

e9be10788dc783417f5fadc510dc89ea88f17945a316ed117128084824cc48f3
Size

63KB
MD5

96ce9d52d7d4889c417baf7f1c0e6891
SHA1

330b6d059d66b9bb9caa9e7f6dc844b751dd78a9
SHA256

e9be10788dc783417f5fadc510dc89ea88f17945a316ed117128084824cc48f3
SHA512

ada837ee78b3e7412167eb648c8f1a90d18c136b2aeae86f377b1cbf9523d6f6d5571a2bf570fc099a5eb09724b02ad8d8353fd2fc4067f9ebb7c506a013f41d
SSDEEP

768:elcrkuw1Jv7PYxvXms3yJgMm7k8JVsDMyaPzGq+efdxjkv2kABS+:elcoug4D3yekSiLCzGufPjkv2H

Score

N/A

Malware Config

Signatures

Files

e9be10788dc783417f5fadc510dc89ea88f17945a316ed117128084824cc48f3
.exe windows x86

3c371bb4be8f3672ec1b12d8bb2438e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetCurrentThreadId
SetNamedPipeHandleState
GetEnvironmentStringsA
ReleaseMutex
DosDateTimeToFileTime
SetFilePointer
GetEnvironmentVariableA
PeekNamedPipe
CloseHandle
InterlockedPushEntrySList
SetFilePointerEx
GetVersion
GetNamedPipeHandleStateA
WaitForMultipleObjects
GetStringTypeExA
VirtualAllocEx
OpenMutexA
GetSystemTime
lstrcatA
FreeEnvironmentStringsA
GetFileTime
lstrcmpiA
CallNamedPipeA
FileTimeToSystemTime
GetFileAttributesA
FileTimeToDosDateTime
VirtualFree
IsBadStringPtrA
DisconnectNamedPipe
GetLastError
ReadFile
CreateFileA
ConnectNamedPipe
CreateMailslotA
InterlockedPopEntrySList
CreateMutexA

advpack

NeedRebootInit
LaunchINFSectionEx
DoInfInstall
FileSaveRestore
AdvInstallFile
TranslateInfString
RegSaveRestoreOnINF
RegSaveRestore
AddDelBackupEntry
SetPerUserSecValues

apphelp

SdbReadStringTagRef
SdbReadQWORDTag
SdbFindNextMsiPackage
SdbTagIDToTagRef
SdbFindFirstNamedTag
SdbReadDWORDTag
SdbGetTagDataSize
SdbGetStandardDatabaseGUID
SdbReleaseDatabase
ApphelpFreeFileAttributes
SdbQueryDataEx
SdbReadEntryInformation
SdbReadBYTETagRef
ApphelpFixMsiPackageExe
GetPermLayers
SdbFindFirstMsiPackage_Str
ApphelpGetNTVDMInfo
SdbGetDatabaseID
ShimDumpCache
SdbInitDatabase
SdbReadWORDTagRef
SdbRegisterDatabaseEx
SdbGetPermLayerKeys

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3c371bb4be8f3672ec1b12d8bb2438e8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advpack

apphelp

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 764B

.rsrc Size: 45KB - Virtual size: 48KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 764B

.rsrc
Size: 45KB - Virtual size: 48KB